him411/wlan-ap-Telecominfraproject
1
0
Fork 0
mirror of https://github.com/Telecominfraproject/wlan-ap.git synced 2025-12-16 17:01:37 +00:00
Code Issues Packages Projects Releases Wiki Activity

opensync: add radsec, radius proxy and apc functionality

Browse Source 
- add ovsdb schema for radsec and radius proxy config
- add radsec and radius proxy functionality
- add APC functionality for radsec and radius proxy
  Send APC mode information through ubus
  from APC application to WM.
  Use the APC mode to direct the configuration
  of radius proxy.
  We get this information from APC:
  mode:
	DR (Designated Router)
	BDR (Back up Designated Router)
	OR (Other Router)
	NC (Not connected/Not configured)
  bdr_addr: IP of the BDR
  dr_addr: IP of the DR
  enabled: If Enabled/Disabled

Signed-off-by: Arif Alam <arif.alam@netexperience.com>
Signed-off-by: Chaitanya Godavarthi <chaitanya.kiran@netexperience.com>
This commit is contained in:
Arif Alam 2021-03-02 09:39:02 -05:00 committed by Rick Sommerville
parent 42a87e7fa4
commit dd86dfceb0
24 changed files with 1314 additions and 82 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
feeds/wlan-ap/apc/Makefile
View File

@ -11,7 +11,7 @@ include $(INCLUDE_DIR)/package.mk
define Package/apc
SECTION:=base
DEPENDS:=+libev +libinterapcomm
DEPENDS:=+libev +libinterapcomm +libubus +libubox
CATEGORY:=Base system
TITLE:=Access Point Coordinator
endef
@ -33,5 +33,11 @@ endef
define Package/apc/install
$(INSTALL_DIR) $(1)/usr/bin
$(INSTALL_DATA) $(PKG_BUILD_DIR)/apc $(1)/usr/bin
chmod 0700 $(1)/usr/bin/apc
$(INSTALL_DIR) $(1)/etc/init.d
$(INSTALL_BIN) ./files/apc.init $(1)/etc/init.d/apc
$(INSTALL_DIR) $(1)/etc/config
$(INSTALL_BIN) ./files/apc.config $(1)/etc/config/apc
endef
$(eval $(call BuildPackage,apc))

0
feeds/wlan-ap/apc/files/apc.config Normal file
View File

20
feeds/wlan-ap/apc/files/apc.init Normal file
View File

@ -0,0 +1,20 @@
#!/bin/sh /etc/rc.common
USE_PROCD=1
START=40
STOP=40
PROG="/usr/bin/apc"
start_service() {
procd_open_instance
echo "Starting APC"
procd_set_param command ${PROG}
procd_set_param respawn
procd_close_instance
}
stop_service() {
echo "Killing APC"
killall -s SIGTERM apc
}

6
feeds/wlan-ap/apc/src/Makefile
View File

@ -3,19 +3,21 @@ srcdir ?= .
VPATH ?= $(srcdir)/src
LIBS = -lpthread -lrt -linterapcomm -lev
LIBS = -lpthread -lrt -linterapcomm -lev -lubus -lubox
$(call output,usr/sbin/wc-apc)
CFLAGS += -I./include/ \
-I../include/
CFLAGS += -DUBUS_SUPPORT
CFLAGS += -Wall -g
CFLAGS += -MMD -Wall -g -Wpointer-arith -Wcast-qual -Wshadow \
-Waggregate-return -Wnested-externs -Wstrict-prototypes \
-fno-omit-frame-pointer -g -rdynamic -fexceptions -funwind-tables -funsigned-char
OBJS := apc_main.o \
hello.o iface.o neighbor.o apc.o
hello.o iface.o neighbor.o apc.o ubus.o
all: apc

2
feeds/wlan-ap/apc/src/include/apc.h
View File

@ -262,6 +262,8 @@ struct apc_neighbor
#define APC_IS_DROTHER 4 /* I'm on BCAST or NBMA and I'm not DR */
#define APC_IS_BACKUP 5 /* I'm BDR */
#define APC_IS_DR 6 /* I'm DR */
#define APC_MAX_MODE 7
/* Definitions for interface state machine */
#define ISM_UP 0 /* Interface Up */

22
feeds/wlan-ap/apc/src/include/ubus.h Normal file
View File

@ -0,0 +1,22 @@
/*
* netifd - network interface daemon
* Copyright (C) 2012 Felix Fietkau <nbd@openwrt.org>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
* as published by the Free Software Foundation
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*/
#ifndef __NETIFD_UBUS_H
#define __NETIFD_UBUS_H
extern struct ubus_context *ubus_ctx;
int ubus_init();
void ubus_done(void);
#endif

57
feeds/wlan-ap/apc/src/src/apc_main.c
View File

@ -21,9 +21,11 @@
#include <nest/apcn.h>
#include <apc.h>
#include <protocol.h>
#include <ubus.h>
static ev_io iac_io;
static ev_timer check_timer;
#include <libubus.h>
static struct uloop_timeout check_timer;
static void check_timer_handler(struct uloop_timeout *timeout);
static unsigned int CheckIp;
static int CheckCount;
@ -228,8 +230,7 @@ int set_socket(void)
/*************************************/
static void check_timer_handler(struct ev_loop *loop, ev_timer *timer,
int revents)
static void check_timer_handler(struct uloop_timeout *timeout)
{
timers_go();
if (WaitingToReelect)
@ -256,25 +257,45 @@ static void check_timer_handler(struct ev_loop *loop, ev_timer *timer,
}
CheckCount = 0;
if (ApcSpecSaved.IsApc == I_AM_APC)
{
//Radius stuff
}
}
uloop_timeout_set(&check_timer, 1000);
uloop_timeout_add(&check_timer);
}
static void handle_signal(int signo)
{
system("/usr/opensync/bin/ovsh u APC_State dr_addr:=0.0.0.0 bdr_addr:=0.0.0.0 enabled:=false mode:=NC");
}
static void set_signals(void)
{
struct sigaction s;
memset(&s, 0, sizeof(s));
s.sa_handler = handle_signal;
s.sa_flags = 0;
sigaction(SIGINT, &s, NULL);
sigaction(SIGTERM, &s, NULL);
sigaction(SIGPIPE, &s, NULL);
}
extern struct ubus_context *ubus_ctx;
int main(int argc, char *const* argv)
{
struct proto_config c;
struct proto * apc_proto;
struct ev_loop *loop = EV_DEFAULT;
uloop_init();
/*init term signals*/
set_signals();
/*Socket*/
set_socket();
/*Radius stuff*/
printf("Basic MAC\n");
memset(MyBasicMac, 0, 6);
if (get_mac_addr("br-wan", MyBasicMac) == 0) {
printf("APC: br-wan mac:%02X:%02X:%02X:%02X:%02X:%02X\n",
@ -291,6 +312,7 @@ int main(int argc, char *const* argv)
/*get local ip of br-wan*/
MyIpAddr = 0;
printf("Getting br-wan IP\n");
while(1)
{
GetLocalIpv4Addr((unsigned char *)&MyIpAddr, "br-wan");
@ -303,10 +325,12 @@ int main(int argc, char *const* argv)
/*listening interAP*/
callback cb = receive_from_socket;
if (interap_recv(IAC_APC_ELECTION_PORT, cb, 1000,
loop, &iac_io) < 0)
NULL, NULL) < 0)
printf("Error: Failed InterAP receive");
memset(Timers, 0, sizeof(Timers));
memset(&c, 0, sizeof(struct proto_config));
@ -319,11 +343,14 @@ int main(int argc, char *const* argv)
ApcProto = (struct apc_proto *)apc_proto;
proto_apc.start(apc_proto);
ev_timer_init(&check_timer, check_timer_handler, 1, 1);
check_timer.cb = check_timer_handler;
uloop_timeout_set(&check_timer, 1000);
uloop_timeout_add(&check_timer);
ev_timer_start(loop, &check_timer);
ev_run(loop, 0);
ubus_init();
uloop_run();
uloop_done();
ubus_done();
return(1);
}

2
feeds/wlan-ap/apc/src/src/iface.c
View File

@ -65,7 +65,7 @@ void apc_iface_chstate(struct apc_iface * ifa, u8 state)
if (state == oldstate)
return;
printf("Interface %s changed state from %s to %s\n",
ifa->ifname, apc_is_names[oldstate], apc_is_names[state]);

16
feeds/wlan-ap/apc/src/src/neighbor.c
View File

@ -33,7 +33,6 @@ reset_lists(struct apc_proto *p, struct apc_neighbor *n)
{
}
struct apc_neighbor * apc_neighbor_new(struct apc_iface * ifa)
{
struct apc_neighbor * n = mb_allocz(sizeof(struct apc_neighbor));
@ -52,7 +51,6 @@ struct apc_neighbor * apc_neighbor_new(struct apc_iface * ifa)
return(n);
}
static void apc_neigh_down(struct apc_neighbor * n)
{
struct apc_iface * ifa = n->ifa;
@ -62,7 +60,6 @@ static void apc_neigh_down(struct apc_neighbor * n)
printf("Neighbor %x on %s removed", n->rid, ifa->ifname );
}
/**
* apc_neigh_chstate - handles changes related to new or lod state of neighbor
* @n: APC neighbor
@ -81,7 +78,8 @@ static void apc_neigh_chstate(struct apc_neighbor * n, u8 state)
return;
printf("Neighbor %x on %s changed state from %s to %s\n",
n->rid, ifa->ifname, apc_ns_names[old_state], apc_ns_names[state] );
n->rid, ifa->ifname, apc_ns_names[old_state],
apc_ns_names[state]);
n->state = state;
@ -121,7 +119,6 @@ static void apc_neigh_chstate(struct apc_neighbor * n, u8 state)
apc_iface_sm(ifa, ISM_NEICH);
}
/**
* apc_neigh_sm - apc neighbor state machine
* @n: neighor
@ -218,7 +215,6 @@ void apc_neigh_sm(struct apc_neighbor * n, int event)
}
}
static int can_do_adj(struct apc_neighbor * n)
{
struct apc_iface * ifa = n->ifa;
@ -257,13 +253,11 @@ static int can_do_adj(struct apc_neighbor * n)
return i;
}
static inline u32 neigh_get_id(struct apc_proto *p, struct apc_neighbor *n)
{
return ipa_to_u32(n->ip);
}
static struct apc_neighbor * elect_bdr( struct apc_proto * p, list nl)
{
struct apc_neighbor *neigh, *n1, *n2;
@ -271,7 +265,7 @@ static struct apc_neighbor * elect_bdr( struct apc_proto * p, list nl)
n1 = NULL;
n2 = NULL;
WALK_LIST( neigh, nl ) /* First try those decl. themselves */
WALK_LIST( neigh, nl ) /* First try those decl. themselves */
{
nid = neigh_get_id( p, neigh );
@ -317,7 +311,6 @@ static struct apc_neighbor * elect_bdr( struct apc_proto * p, list nl)
return( n1 );
}
static struct apc_neighbor * elect_dr( struct apc_proto * p, list nl )
{
struct apc_neighbor *neigh, *n;
@ -351,7 +344,6 @@ static struct apc_neighbor * elect_dr( struct apc_proto * p, list nl )
return( n );
}
/**
* apc_dr_election - (Backup) Designed Router election
* @ifa: actual interface
@ -450,7 +442,6 @@ void apc_dr_election(struct apc_iface * ifa)
}
}
struct apc_neighbor * find_neigh_by_ip(struct apc_iface * ifa, ip_addr ip)
{
struct apc_neighbor * n;
@ -463,7 +454,6 @@ struct apc_neighbor * find_neigh_by_ip(struct apc_iface * ifa, ip_addr ip)
return NULL;
}
static void inactivity_timer_hook(struct _timer * tmr)
{
struct apc_neighbor * n = (struct apc_neighbor *) tmr->data;

173
feeds/wlan-ap/apc/src/src/ubus.c Normal file
View File

@ -0,0 +1,173 @@
/* SPDX-License-Identifier: BSD-3-Clause */
#define _GNU_SOURCE
#include <arpa/inet.h>
#include <string.h>
#include <stdio.h>
#include <ev.h>
#include "ubus.h"
#include <libubus.h>
#include <libubox/blobmsg.h>
#include <apc.h>
#include <libubox/uloop.h>
struct ubus_context *ubus_ctx = NULL;
static struct blob_buf b;
static struct blob_buf nb;
static const char *ubus_path;
timer *notify_timer;
extern struct apc_iface * apc_ifa;
#define APC_NOTIFY_INTERVAL 30
struct apc_state {
char mode[4];
char dr_addr[17];
char bdr_addr[17];
bool enabled;
} state;
static int
apc_info_handle(struct ubus_context *ctx, struct ubus_object *obj,
struct ubus_request_data *req, const char *method,
struct blob_attr *msg);
static void ubus_reconnect_timer(struct uloop_timeout *timeout);
static struct uloop_timeout reconnect = {
.cb = ubus_reconnect_timer,
};
static void ubus_reconnect_timer(struct uloop_timeout *timeout)
{
if (ubus_reconnect(ubus_ctx, NULL) != 0) {
printf("APC ubus failed to reconnect\n");
uloop_timeout_set(&reconnect, 2000);
return;
}
printf("APC ubus reconnected\n");
#ifdef FD_CLOEXEC
fcntl(ubus_ctx->sock.fd, F_SETFD,
fcntl(ubus_ctx->sock.fd, F_GETFD) | FD_CLOEXEC);
#endif
}
static void ubus_connection_lost(struct ubus_context *ctx)
{
printf("APC ubus connection lost\n");
ubus_reconnect_timer(NULL);
}
static const struct blobmsg_policy apc_policy = {
.name = "info",
.type = BLOBMSG_TYPE_STRING,
};
static struct ubus_method apc_object_methods[] = {
UBUS_METHOD_NOARG("info", apc_info_handle),
};
static struct ubus_object_type apc_object_type =
UBUS_OBJECT_TYPE("apc", apc_object_methods);
static struct ubus_object apc_object = {
.name = "apc",
.type = &apc_object_type,
.methods = apc_object_methods,
.n_methods = ARRAY_SIZE(apc_object_methods),
};
static int
apc_info_handle(struct ubus_context *ctx, struct ubus_object *obj,
struct ubus_request_data *req, const char *method,
struct blob_attr *msg)
{
blob_buf_init(&b, 0);
blobmsg_add_string(&b, "mode", state.mode);
blobmsg_add_string(&b, "dr_addr", state.dr_addr);
blobmsg_add_string(&b, "bdr_addr", state.bdr_addr);
blobmsg_add_u8(&b, "enabled", state.enabled);
ubus_notify(ctx, &apc_object, "apc", b.head, -1);
ubus_send_event(ctx, "apc", b.head);
ubus_send_reply(ctx, req, b.head);
return 0;
}
static char apc_mode[APC_MAX_MODE][8] = {"DOWN", "LOOP", "WAITING", "PTP", "OR", "BDR", "DR"};
void apc_update_state()
{
struct in_addr dr_addr;
struct in_addr bdr_addr;
dr_addr.s_addr = htonl(apc_ifa->drip);
bdr_addr.s_addr = htonl(apc_ifa->bdrip);
state.enabled = true;
if ((apc_ifa->state == APC_IS_DR) ||
(apc_ifa->state == APC_IS_BACKUP) ||
(apc_ifa->state == APC_IS_DROTHER)) {
snprintf(state.mode, sizeof(state.mode), "%s",
&apc_mode[apc_ifa->state][0]);
snprintf(state.dr_addr, sizeof(state.dr_addr),
"%s", inet_ntoa(dr_addr));
snprintf(state.bdr_addr, sizeof(state.bdr_addr),
"%s", inet_ntoa(bdr_addr));
}
else {
snprintf(state.mode, sizeof(state.mode), "NC");
snprintf(state.dr_addr, sizeof(state.dr_addr), "0.0.0.0");
snprintf(state.bdr_addr, sizeof(state.bdr_addr), "0.0.0.0");
}
}
void apc_send_notification(struct _timer * tmr)
{
apc_update_state();
printf("APC send ubus notification\n");
blob_buf_init(&nb, 0);
blobmsg_add_string(&nb, "mode", state.mode);
blobmsg_add_string(&nb, "dr_addr", state.dr_addr);
blobmsg_add_string(&nb, "bdr_addr", state.bdr_addr);
blobmsg_add_u8(&nb, "enabled", state.enabled);
ubus_notify(ubus_ctx, &apc_object, "apc", nb.head, -1);
}
static void add_object(struct ubus_object *obj)
{
int ret = ubus_add_object(ubus_ctx, obj);
if (ret != 0)
fprintf(stderr, "Add object fail '%s': %s\n",
obj->name, ubus_strerror(ret));
}
int
ubus_init(void) {
ubus_ctx = ubus_connect(NULL);
if (!ubus_ctx)
return -EIO;
ubus_add_uloop(ubus_ctx);
#ifdef FD_CLOEXEC
fcntl(ubus_ctx->sock.fd, F_SETFD,
fcntl(ubus_ctx->sock.fd, F_GETFD) | FD_CLOEXEC);
#endif
add_object(&apc_object);
notify_timer = tm_new_set(apc_send_notification, NULL,
0, APC_NOTIFY_INTERVAL);
if (notify_timer) {
printf("APC Start notify timer\n");
tm_start(notify_timer, APC_NOTIFY_INTERVAL);
}
ubus_ctx->connection_lost = ubus_connection_lost;
return 0;
}
void
ubus_done(void)
{
ubus_free(ubus_ctx);
}

1
feeds/wlan-ap/interAPcomm/Makefile
View File

@ -11,6 +11,7 @@ include $(INCLUDE_DIR)/package.mk
define Package/libinterapcomm
SECTION:=libs
DEPENDS:=+libev +libubox +libubus
CATEGORY:=Libraries
TITLE:=Inter AP communication library
endef

2
feeds/wlan-ap/interAPcomm/src/Makefile
View File

@ -6,7 +6,7 @@ subdirs=src/test
CFLAGS += -O -Wall -Werror -Wshadow
CFLAGS += -I./include/
LIBS = -lev
LIBS = -lev -lubox -lubus
all: $(LIBNAME) $(subdirs)

34
feeds/wlan-ap/interAPcomm/src/src/interAPcomm.c
View File

@ -7,12 +7,28 @@
#include <string.h>
#include <unistd.h>
#include <interAPcomm.h>
#include <libubox/uloop.h>
/*Receiver socket*/
int recv_sock = -1;
recv_arg ra;
static void receive_data_uloop(struct uloop_fd *fd, unsigned int events)
{
void *recv_data;
ssize_t recv_data_len;
recv_data = malloc(ra.len);
memset(recv_data, 0, ra.len);
if ((recv_data_len = recvfrom(recv_sock, recv_data, ra.len,
0, NULL, 0)) < 0)
printf("recvfrom() failed");
ra.cb(recv_data, recv_data_len);
}
static void receive_data(struct ev_loop *ev, ev_io *io, int event)
{
void *recv_data;
@ -28,8 +44,10 @@ static void receive_data(struct ev_loop *ev, ev_io *io, int event)
}
int interap_recv(unsigned short port, int (*recv_cb)(void *, ssize_t), unsigned int len,
struct ev_loop *loop, ev_io *io)
static struct uloop_fd server;
int interap_recv(unsigned short port, int (*recv_cb)(void *, ssize_t),
unsigned int len, struct ev_loop *loop, ev_io *io)
{
struct sockaddr_in addr;
int bcast_perm;
@ -65,8 +83,16 @@ int interap_recv(unsigned short port, int (*recv_cb)(void *, ssize_t), unsigned
}
printf("Interap recving: p:%d\n", port);
ev_io_init(io, receive_data, recv_sock, EV_READ);
ev_io_start(loop, io);
if (io && loop) {
ev_io_init(io, receive_data, recv_sock, EV_READ);
ev_io_start(loop, io);
} else {
server.cb = receive_data_uloop;
server.fd = recv_sock;
uloop_fd_add(&server, ULOOP_READ);
}
return 0;
}

2
feeds/wlan-ap/interAPcomm/src/src/test/Makefile
View File

@ -3,7 +3,7 @@ OBJS = interapcommtest.o
CFLAGS += -Wall $(EXTRA_CFLAGS) $(extra_cflags-y)
LIBS = -L ../../ -linterapcomm -lev
LIBS = -L ../../ -linterapcomm -lev -lubox -lubus
CFLAGS += -I. \
-I../../include/

36
feeds/wlan-ap/interAPcomm/src/src/test/interapcommtest.c
View File

@ -6,6 +6,8 @@
#include <ev.h>
#include <interAPcomm.h>
#include <libubus.h>
struct my_data {
int x;
char y;
@ -13,7 +15,8 @@ struct my_data {
};
int recv_process(void *data) {
int recv_process(void *data, ssize_t n)
{
struct my_data *dat = (struct my_data*) data;
printf("Recv process: %d, %c, %d\n", dat->x, dat->y, dat->z);
@ -22,34 +25,37 @@ int recv_process(void *data) {
int main (int argc, char *argv[ ])
{
unsigned int send = atoi(argv[1]); /* First arg: broadcast port */
unsigned short port = 50000;
unsigned int send = atoi(argv[1]);
unsigned short port = 50020;
// char *dst_ip = "255.255.255.255";
char *dst_ip = "192.168.9.255";
char *dst_ip = "10.42.0.255";
// char *data = "InterAP Hello";
struct my_data data;
data.x = 1001;
data.y = 'H';
data.z = 3003;
// callback cb = recv_process;
printf("arg1 = %d\n", send);
printf("send = %d\n", send);
if (send) {
printf("Send");
interap_send(port, dst_ip, &data, sizeof(data));
while (1)
{
sleep(3);
printf("Sending...\n");
interap_send(port, dst_ip, &data, sizeof(data));
}
}
else {
printf("Recieve");
// interap_recv(port, cb, sizeof(struct my_data));
uloop_init();
callback cb = recv_process;
interap_recv(port, cb, sizeof(struct my_data), NULL, NULL);
uloop_run();
uloop_done();
}
while (1)
{
sleep(3);
printf("In while loop\n");
}
return 1;
}

0
feeds/wlan-ap/opensync/patches/30-power-constraint-schema-consts.patch → feeds/wlan-ap/opensync/patches/32-power-constraint-schema-consts.patch
View File

142
feeds/wlan-ap/opensync/patches/33-add-apc-radsecproxy-schema.patch Normal file
View File

@ -0,0 +1,142 @@
Index: opensync-2.0.5.0/interfaces/opensync.ovsschema
===================================================================
--- opensync-2.0.5.0.orig/interfaces/opensync.ovsschema
+++ opensync-2.0.5.0/interfaces/opensync.ovsschema
@@ -9368,6 +9368,68 @@
}
},
"isRoot": true
+ },
+ "APC_Config": {
+ "columns": {
+ "enabled": {
+ "type": {
+ "key": {
+ "type": "boolean"
+ },
+ "min": 0,
+ "max": 1
+ }
+ }
+ },
+ "isRoot": true,
+ "maxRows": 1
+ },
+ "APC_State": {
+ "columns": {
+ "dr_addr": {
+ "type": {
+ "key": {
+ "type": "string"
+ }
+ }
+ },
+ "bdr_addr": {
+ "type": {
+ "key": {
+ "type": "string"
+ }
+ }
+ },
+ "enabled": {
+ "type": {
+ "key": {
+ "type": "boolean"
+ },
+ "min": 0,
+ "max": 1
+ }
+ },
+ "mode": {
+ "type": {
+ "key": {
+ "type": "string",
+ "enum": [
+ "set",
+ [
+ "DR",
+ "BDR",
+ "OR",
+ "NC"
+ ]
+ ]
+ },
+ "min": 0,
+ "max": 1
+ }
+ }
+ },
+ "isRoot": true,
+ "maxRows": 1
}
}
}
Index: opensync-2.0.5.0/platform/openwrt/src/lib/target/src/radio_ubus.c
===================================================================
--- opensync-2.0.5.0.orig/platform/openwrt/src/lib/target/src/radio_ubus.c
+++ opensync-2.0.5.0/platform/openwrt/src/lib/target/src/radio_ubus.c
@@ -10,6 +10,7 @@
extern struct ev_loop *wifihal_evloop;
static struct ubus_context *ubus;
extern struct ev_loop *wifihal_evloop;
+extern void apc_state_set(struct blob_attr *msg);
int hapd_rrm_enable(char *name, int neighbor, int beacon)
{
@@ -179,6 +180,7 @@ radio_ubus_add_vif_cb(struct ubus_contex
return UBUS_STATUS_OK;
}
+
static const struct ubus_method radio_ubus_methods[] = {
UBUS_METHOD("dbg_add_vif", radio_ubus_add_vif_cb, add_vif_policy),
UBUS_METHOD("dummy", radio_ubus_dummy_cb, dummy_policy),
@@ -201,8 +203,36 @@ static void radio_ubus_connect(struct ub
ubus_add_object(ubus, &radio_ubus_object);
}
+static int radio_ubus_notify(struct ubus_context *ctx, struct ubus_object *obj,
+ struct ubus_request_data *req, const char *method,
+ struct blob_attr *msg)
+{
+ char *str;
+
+ str = blobmsg_format_json(msg, true);
+ LOGD("ubus: Received ubus notify '%s': %s\n", method, str);
+ free(str);
+
+ if (!strncmp(method, "apc", 3)) {
+ LOGD("APC notification Received");
+ apc_state_set(msg);
+ }
+
+ return 0;
+}
+
+
+
static struct ubus_instance ubus_instance = {
.connect = radio_ubus_connect,
+ .notify = radio_ubus_notify,
+ .list = {
+ {
+ .path = "apc",
+ },
+ },
+ .len = 1,
+
};
int radio_ubus_init(void)
Index: opensync-2.0.5.0/src/lib/schema/inc/schema_consts.h
===================================================================
--- opensync-2.0.5.0.orig/src/lib/schema/inc/schema_consts.h
+++ opensync-2.0.5.0/src/lib/schema/inc/schema_consts.h
@@ -154,6 +154,7 @@ typedef enum {
#define SCHEMA_CONSTS_DISABLE_B_RATES "disable_b_rates"
#define SCHEMA_CONSTS_IEEE80211k "ieee80211k"
#define SCHEMA_CONSTS_DYNAMIC_VLAN "dynamic_vlan"
+#define SCHEMA_CONSTS_RADPROXY "radproxy"
/* radio Custom options */
#define SCHEMA_CONSTS_LOCAL_PWR_CONSTRAINT "local_pwr_constraint"

113
feeds/wlan-ap/opensync/patches/34-radsec-schema-consts.patch Normal file
View File

@ -0,0 +1,113 @@
--- a/interfaces/opensync.ovsschema
+++ b/interfaces/opensync.ovsschema
@@ -9439,6 +9439,110 @@
},
"isRoot": true,
"maxRows": 1
+ },
+ "Radius_Proxy_Config": {
+ "columns": {
+ "radius_config_name": {
+ "type": {
+ "key": {
+ "type": "string"
+ },
+ "min": 1,
+ "max": 1
+ }
+ },
+ "radsec": {
+ "type": {
+ "key": {
+ "type": "boolean"
+ },
+ "min": 1,
+ "max": 1
+ }
+ },
+ "server": {
+ "type": {
+ "key": {
+ "type": "string"
+ },
+ "min": 1,
+ "max": 1
+ }
+ },
+ "port": {
+ "type": {
+ "key": {
+ "type": "integer"
+ },
+ "min": 1,
+ "max": 1
+ }
+ },
+ "secret": {
+ "type": {
+ "key": {
+ "type": "string"
+ },
+ "min": 1,
+ "max": 1
+ }
+ },
+ "ca_cert": {
+ "type": {
+ "key": {
+ "type": "string",
+ "minLength": 1,
+ "maxLength": 256
+ },
+ "min": 0,
+ "max": 1
+ }
+ },
+ "client_cert": {
+ "type": {
+ "key": {
+ "type": "string",
+ "minLength": 1,
+ "maxLength": 256
+ },
+ "min": 0,
+ "max": 1
+ }
+ },
+ "client_key": {
+ "type": {
+ "key": {
+ "type": "string",
+ "minLength": 1,
+ "maxLength": 256
+ },
+ "min": 0,
+ "max": 1
+ }
+ },
+ "passphrase": {
+ "type": {
+ "key": {
+ "type": "string",
+ "minLength": 0,
+ "maxLength": 128
+ },
+ "min": 0,
+ "max": 1
+ }
+ },
+ "realm": {
+ "type": {
+ "key": {
+ "type": "string",
+ "maxLength": 256
+ },
+ "min": 0,
+ "max": 16
+ }
+ }
+ },
+ "isRoot": true
}
}
}

38
feeds/wlan-ap/opensync/src/platform/openwrt/src/lib/target/inc/radius_proxy.h Normal file
View File

@ -0,0 +1,38 @@
/* SPDX-License-Identifier: BSD-3-Clause */
#ifndef RADIUS_PROXY_H_INCLUDED
#define RADIUS_PROXY_H_INCLUDED
#include <stdbool.h>
#include <jansson.h>
#include <ev.h>
#include <sys/time.h>
#include <syslog.h>
#include "log.h"
#include "os_nif.h"
#include "target.h"
#include "dppline.h"
#include "os.h"
#include "util.h"
#include "ovsdb.h"
#include "ovsdb_update.h"
#include "ovsdb_sync.h"
#include "ovsdb_table.h"
#include "ovsdb_cache.h"
#include "schema.h"
#include "target.h"
#include "utils.h"
#include <libubox/list.h>
#include <evsched.h>
extern ovsdb_table_t table_Radius_Proxy_Config;
void callback_Radius_Proxy_Config(ovsdb_update_monitor_t *mon,
struct schema_Radius_Proxy_Config *old, struct schema_Radius_Proxy_Config *conf);
#endif /* RADIUS_PROXY_H_INCLUDED */

1
feeds/wlan-ap/opensync/src/platform/openwrt/src/lib/target/override.mk
View File

@ -46,6 +46,7 @@ UNIT_SRC_TOP += $(OVERRIDE_DIR)/src/sysupgrade.c
UNIT_SRC_TOP += $(OVERRIDE_DIR)/src/dhcpdiscovery.c
UNIT_SRC_TOP += $(OVERRIDE_DIR)/src/radius_probe.c
UNIT_SRC_TOP += $(OVERRIDE_DIR)/src/rrm_config.c
UNIT_SRC_TOP += $(OVERRIDE_DIR)/src/radius_proxy.c
CONFIG_USE_KCONFIG=y
CONFIG_INET_ETH_LINUX=y

165
feeds/wlan-ap/opensync/src/platform/openwrt/src/lib/target/src/radio.c
View File

@ -26,11 +26,16 @@
#include "captive.h"
#include "rrm_config.h"
#include "vlan.h"
#include "radius_proxy.h"
ovsdb_table_t table_Hotspot20_Config;
ovsdb_table_t table_Hotspot20_OSU_Providers;
ovsdb_table_t table_Hotspot20_Icon_Config;
ovsdb_table_t table_APC_Config;
ovsdb_table_t table_APC_State;
unsigned int radproxy_apc;
static struct uci_package *wireless;
struct uci_context *uci;
struct blob_buf b = { };
@ -669,6 +674,157 @@ static void callback_Hotspot20_Icon_Config(ovsdb_update_monitor_t *mon,
}
enum {
WIF_APC_ENABLE,
__WIF_APC_MAX,
};
static const struct blobmsg_policy apc_enpolicy[__WIF_APC_MAX] = {
[WIF_APC_ENABLE] = { .name = "enabled", BLOBMSG_TYPE_BOOL },
};
const struct uci_blob_param_list apc_param = {
.n_params = __WIF_APC_MAX,
.params = apc_enpolicy,
};
void APC_config_update(struct schema_APC_Config *conf)
{
struct uci_package *apc;
struct blob_buf apcb = { };
int rc = 0;
LOGD("APC: APC_config_update");
rc = uci_load(uci, "apc", &apc);
if (rc)
{
LOGD("%s: uci_load failed with rc %d", __func__, rc);
}
blob_buf_init(&apcb, 0);
if (conf->enabled_changed) {
if (conf->enabled == true) {
blobmsg_add_bool(&apcb, "enabled", 1);
system("/etc/init.d/apc start");
}
else {
blobmsg_add_bool(&apcb, "enabled", 0);
system("/etc/init.d/apc stop");
}
}
blob_to_uci_section(uci, "apc", "apc", "apc",
apcb.head, &apc_param, NULL);
uci_commit(uci, &apc, false);
uci_unload(uci, apc);
}
static void callback_APC_Config(ovsdb_update_monitor_t *mon,
struct schema_APC_Config *old,
struct schema_APC_Config *conf)
{
if (mon->mon_type != OVSDB_UPDATE_DEL)
APC_config_update(conf);
}
static void callback_APC_State(ovsdb_update_monitor_t *mon,
struct schema_APC_State *old,
struct schema_APC_State *conf)
{
LOGN("APC_state: enabled:%s dr_addr:%s bdr_addr:%s mode:%s",
(conf->enabled_changed)? "changed":"unchanged",
(conf->dr_addr_changed)? "changed":"unchanged",
(conf->bdr_addr_changed)? "changed":"unchanged",
(conf->mode_changed)? "changed":"unchanged");
/* APC changed: if radproxy enabled then restart wireless */
if (radproxy_apc) {
radproxy_apc = 0;
system("ubus call service event '{\"type\": \"config.change\", \"data\": { \"package\": \"wireless\" }}'");
}
}
struct schema_APC_State apc_state;
enum {
APC_ATTR_MODE,
APC_ATTR_DR_ADDR,
APC_ATTR_BDR_ADDR,
APC_ATTR_ENABLED,
__APC_ATTR_MAX,
};
static const struct blobmsg_policy apc_policy[__APC_ATTR_MAX] = {
[APC_ATTR_MODE] = { .name = "mode", .type = BLOBMSG_TYPE_STRING },
[APC_ATTR_DR_ADDR] = { .name = "dr_addr", .type = BLOBMSG_TYPE_STRING },
[APC_ATTR_BDR_ADDR] = { .name = "bdr_addr", .type = BLOBMSG_TYPE_STRING },
[APC_ATTR_ENABLED] = { .name = "enabled", .type = BLOBMSG_TYPE_BOOL },
};
struct schema_APC_Config apc_conf;
void apc_state_set(struct blob_attr *msg)
{
struct blob_attr *tb[__APC_ATTR_MAX] = { };
blobmsg_parse(apc_policy, __APC_ATTR_MAX, tb,
blob_data(msg), blob_len(msg));
if (tb[APC_ATTR_MODE]) {
LOGD("APC mode: %s", blobmsg_get_string(tb[APC_ATTR_MODE]));
SCHEMA_SET_STR(apc_state.mode,
blobmsg_get_string(tb[APC_ATTR_MODE]));
}
if (tb[APC_ATTR_DR_ADDR]) {
LOGD("APC br-addr: %s", blobmsg_get_string(tb[APC_ATTR_DR_ADDR]));
SCHEMA_SET_STR(apc_state.dr_addr,
blobmsg_get_string(tb[APC_ATTR_DR_ADDR]));
}
if (tb[APC_ATTR_BDR_ADDR]) {
LOGD("APC dbr-addr: %s", blobmsg_get_string(tb[APC_ATTR_BDR_ADDR]));
SCHEMA_SET_STR(apc_state.bdr_addr,
blobmsg_get_string(tb[APC_ATTR_BDR_ADDR]));
}
if (tb[APC_ATTR_ENABLED]) {
LOGD("APC enabled: %d", blobmsg_get_bool(tb[APC_ATTR_ENABLED]));
if (blobmsg_get_bool(tb[APC_ATTR_ENABLED])) {
SCHEMA_SET_INT(apc_state.enabled, true);
}
else {
SCHEMA_SET_INT(apc_state.enabled, false);
}
}
LOGD("APC_state Updating");
if (!ovsdb_table_update(&table_APC_State, &apc_state))
LOG(ERR, "APC_state: failed to update");
}
void apc_init()
{
/* APC Config */
OVSDB_TABLE_INIT(APC_Config, _uuid);
OVSDB_TABLE_MONITOR(APC_Config, false);
SCHEMA_SET_INT(apc_conf.enabled, true);
LOGI("APC state/config Initialize");
if (!ovsdb_table_insert(&table_APC_Config, &apc_conf))
LOG(ERR, "APC_Config: failed to initialize");
/* APC State */
OVSDB_TABLE_INIT_NO_KEY(APC_State);
OVSDB_TABLE_MONITOR(APC_State, false);
SCHEMA_SET_STR(apc_state.mode, "NC");
SCHEMA_SET_STR(apc_state.dr_addr, "0.0.0.0");
SCHEMA_SET_STR(apc_state.bdr_addr, "0.0.0.0");
SCHEMA_SET_INT(apc_state.enabled, false);
if (!ovsdb_table_insert(&table_APC_State, &apc_state))
LOG(ERR, "APC_state: failed to initialize");
}
bool target_radio_init(const struct target_radio_ops *ops)
{
uci = uci_alloc_context();
@ -691,8 +847,13 @@ bool target_radio_init(const struct target_radio_ops *ops)
OVSDB_TABLE_INIT(Hotspot20_Icon_Config, _uuid);
OVSDB_TABLE_MONITOR(Hotspot20_Icon_Config, false);
OVSDB_TABLE_INIT(Wifi_RRM_Config, _uuid);
OVSDB_TABLE_MONITOR(Wifi_RRM_Config, false);
OVSDB_TABLE_INIT(Wifi_RRM_Config, _uuid);
OVSDB_TABLE_MONITOR(Wifi_RRM_Config, false);
OVSDB_TABLE_INIT(Radius_Proxy_Config, _uuid);
OVSDB_TABLE_MONITOR(Radius_Proxy_Config, false);
apc_init();
evsched_task(&periodic_task, NULL, EVSCHED_SEC(5));

357
feeds/wlan-ap/opensync/src/platform/openwrt/src/lib/target/src/radius_proxy.c Normal file
View File

@ -0,0 +1,357 @@
/* SPDX-License-Identifier: BSD-3-Clause */
#include <stdio.h>
#include <stdbool.h>
#include <time.h>
#include <uci.h>
#include <uci_blob.h>
#include <target.h>
#include <curl/curl.h>
#include "ovsdb.h"
#include "ovsdb_update.h"
#include "ovsdb_sync.h"
#include "ovsdb_table.h"
#include "ovsdb_cache.h"
#include "nl80211.h"
#include "radio.h"
#include "vif.h"
#include "phy.h"
#include "log.h"
#include "evsched.h"
#include "uci.h"
#include "utils.h"
#include "radius_proxy.h"
ovsdb_table_t table_Radius_Proxy_Config;
struct blob_buf uci_buf = {};
struct blob_attr *n;
extern ovsdb_table_t table_APC_State;
extern json_t* ovsdb_table_where(ovsdb_table_t *table, void *record);
enum {
RADIUS_PROXY_OPTIONS_LISTEN_UDP,
__RADIUS_PROXY_OPTIONS_MAX
};
enum {
RADIUS_PROXY_CLIENT_NAME,
RADIUS_PROXY_CLIENT_TYPE,
RADIUS_PROXY_CLIENT_SECRET,
__RADIUS_PROXY_CLIENT_MAX
};
enum {
RADIUS_PROXY_SERVER_NAME,
RADIUS_PROXY_SERVER_TYPE,
RADIUS_PROXY_SERVER_SECRET,
RADIUS_PROXY_SERVER_STATUS,
RADIUS_PROXY_SERVER_TLS,
RADIUS_PROXY_SERVER_CERT_NAME_CHECK,
__RADIUS_PROXY_SERVER_MAX
};
enum {
RADIUS_PROXY_TLS_NAME,
RADIUS_PROXY_TLS_CA_CERT,
RADIUS_PROXY_TLS_CLIENT_CERT,
RADIUS_PROXY_TLS_CLIENT_KEY,
RADIUS_PROXY_TLS_CERT_PASSWORD,
__RADIUS_PROXY_TLS_MAX,
};
enum {
RADIUS_PROXY_REALM_NAME,
RADIUS_PROXY_REALM_AUTH_SERVER,
RADIUS_PROXY_REALM_ACCT_SERVER,
__RADIUS_PROXY_REALM_MAX
};
static const struct blobmsg_policy radius_proxy_options_policy[__RADIUS_PROXY_OPTIONS_MAX] = {
[RADIUS_PROXY_OPTIONS_LISTEN_UDP] = { .name = "ListenUDP", BLOBMSG_TYPE_ARRAY },
};
static const struct blobmsg_policy radius_proxy_client_policy[__RADIUS_PROXY_CLIENT_MAX] = {
[RADIUS_PROXY_CLIENT_NAME] = { .name = "name", BLOBMSG_TYPE_STRING },
[RADIUS_PROXY_CLIENT_TYPE] = { .name = "type", BLOBMSG_TYPE_STRING },
[RADIUS_PROXY_CLIENT_SECRET] = { .name = "secret", BLOBMSG_TYPE_STRING },
};
static const struct blobmsg_policy radius_proxy_tls_policy[__RADIUS_PROXY_TLS_MAX] = {
[RADIUS_PROXY_TLS_NAME] = { .name = "name", BLOBMSG_TYPE_STRING },
[RADIUS_PROXY_TLS_CA_CERT] = { .name = "CACertificateFile", BLOBMSG_TYPE_STRING },
[RADIUS_PROXY_TLS_CLIENT_CERT] = { .name = "certificateFile", BLOBMSG_TYPE_STRING },
[RADIUS_PROXY_TLS_CLIENT_KEY] = { .name = "certificateKeyFile", BLOBMSG_TYPE_STRING },
[RADIUS_PROXY_TLS_CERT_PASSWORD] = { .name = "certificateKeyPassword", BLOBMSG_TYPE_STRING },
};
static const struct blobmsg_policy radius_proxy_server_policy[__RADIUS_PROXY_SERVER_MAX] = {
[RADIUS_PROXY_SERVER_NAME] = { .name = "name", BLOBMSG_TYPE_STRING },
[RADIUS_PROXY_SERVER_TYPE] = { .name = "type", BLOBMSG_TYPE_STRING },
[RADIUS_PROXY_SERVER_SECRET] = { .name = "secret", BLOBMSG_TYPE_STRING },
[RADIUS_PROXY_SERVER_STATUS] = { .name = "statusServer", BLOBMSG_TYPE_BOOL },
[RADIUS_PROXY_SERVER_TLS] = { .name = "tls", BLOBMSG_TYPE_STRING },
[RADIUS_PROXY_SERVER_CERT_NAME_CHECK] = { .name = "certificateNameCheck", BLOBMSG_TYPE_BOOL },
};
static const struct blobmsg_policy radius_proxy_realm_policy[__RADIUS_PROXY_REALM_MAX] = {
[RADIUS_PROXY_REALM_NAME] = { .name = "name", BLOBMSG_TYPE_STRING },
[RADIUS_PROXY_REALM_AUTH_SERVER] = { .name = "server", BLOBMSG_TYPE_ARRAY },
[RADIUS_PROXY_REALM_ACCT_SERVER] = { .name = "accountingServer", BLOBMSG_TYPE_ARRAY },
};
const struct uci_blob_param_list radius_proxy_options_param = {
.n_params = __RADIUS_PROXY_OPTIONS_MAX,
.params = radius_proxy_options_policy,
};
const struct uci_blob_param_list radius_proxy_client_param = {
.n_params = __RADIUS_PROXY_CLIENT_MAX,
.params = radius_proxy_client_policy,
};
const struct uci_blob_param_list radius_proxy_tls_param = {
.n_params = __RADIUS_PROXY_TLS_MAX,
.params = radius_proxy_tls_policy,
};
const struct uci_blob_param_list radius_proxy_server_param = {
.n_params = __RADIUS_PROXY_SERVER_MAX,
.params = radius_proxy_server_policy,
};
const struct uci_blob_param_list radius_proxy_realm_param = {
.n_params = __RADIUS_PROXY_REALM_MAX,
.params = radius_proxy_realm_policy,
};
size_t file_write(void *ptr, size_t size, size_t nmemb, FILE *stream) {
size_t written = fwrite(ptr, size, nmemb, stream);
return written;
}
static bool radsec_download_cert(char *cert_name, char *dir_name, char *cert_url)
{
CURL *curl;
FILE *fp;
CURLcode res;
char path[200];
char name[32];
char dir[32];
char *gw_clientcert = "/usr/opensync/certs/client.pem";
char *gw_clientkey = "/usr/opensync/certs/client_dec.key";
strcpy(name, cert_name);
strcpy(dir, dir_name);
sprintf(path, "/tmp/radsec/certs/%s/%s", dir, name);
curl = curl_easy_init();
if (curl)
{
fp = fopen(path,"wb");
if (fp == NULL)
{
curl_easy_cleanup(curl);
return false;
}
if (cert_url == NULL)
{
curl_easy_cleanup(curl);
fclose(fp);
return false;
}
curl_easy_setopt(curl, CURLOPT_SSLCERT, gw_clientcert);
curl_easy_setopt(curl, CURLOPT_SSLKEY, gw_clientkey);
curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0L);
curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L);
curl_easy_setopt(curl, CURLOPT_HEADER, 0L);
curl_easy_setopt(curl, CURLOPT_URL, cert_url);
curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, file_write);
curl_easy_setopt(curl, CURLOPT_WRITEDATA, fp);
res = curl_easy_perform(curl);
curl_easy_cleanup(curl);
fclose(fp);
return res;
}
return true;
}
static bool radius_proxy_config_set(struct schema_Radius_Proxy_Config *conf )
{
int i=0;
char path[200];
char name[256];
struct schema_APC_State apc_conf;
/* Configure only if APC selects this as master AP (DR) */
json_t *where = ovsdb_table_where(&table_APC_State, &apc_conf);
if (false == ovsdb_table_select_one_where(&table_APC_State,
where, &apc_conf)) {
LOG(INFO, "APC_State read failed");
return false;
}
if (!strncmp(apc_conf.mode, "OR", 2) || !strncmp(apc_conf.mode, "BDR", 2))
return false;
/* Configure options block */
blob_buf_init(&uci_buf, 0);
n = blobmsg_open_array(&uci_buf,"ListenUDP");
blobmsg_add_string(&uci_buf, NULL, "127.0.0.1:1812");
blobmsg_add_string(&uci_buf, NULL, "127.0.0.1:1813");
blobmsg_close_array(&uci_buf, n);
memset(name, '\0', sizeof(name));
sprintf(name, "%s%s", conf->radius_config_name, "options");
blob_to_uci_section(uci, "radsecproxy", name, "options",
uci_buf.head, &radius_proxy_options_param, NULL);
/* Configure client block */
blob_buf_init(&uci_buf, 0);
blobmsg_add_string(&uci_buf, "name", "localhost");
blobmsg_add_string(&uci_buf, "type", "udp");
blobmsg_add_string(&uci_buf, "secret", "secret");
memset(name, '\0', sizeof(name));
sprintf(name, "%s%s", conf->radius_config_name, "client");
blob_to_uci_section(uci, "radsecproxy", name, "client",
uci_buf.head, &radius_proxy_client_param, NULL);
/* Configure TLS/non-TLS and server blocks */
if (conf->radsec)
{
blob_buf_init(&uci_buf, 0);
radsec_download_cert("cacert.pem",
conf->radius_config_name, conf->ca_cert);
radsec_download_cert("clientcert.pem",
conf->radius_config_name, conf->client_cert);
radsec_download_cert("clientdec.key",
conf->radius_config_name, conf->client_key);
blobmsg_add_string(&uci_buf, "name", conf->server);
memset(path, '\0', sizeof(path));
sprintf(path, "/tmp/radsec/certs/%s/cacert.pem",
conf->radius_config_name);
blobmsg_add_string(&uci_buf, "CACertificateFile", path);
memset(path, '\0', sizeof(path));
sprintf(path, "/tmp/radsec/certs/%s/clientcert.pem",
conf->radius_config_name);
blobmsg_add_string(&uci_buf, "certificateFile", path);
memset(path, '\0', sizeof(path));
sprintf(path, "/tmp/radsec/certs/%s/clientdec.key",
conf->radius_config_name);
blobmsg_add_string(&uci_buf, "certificateKeyFile", path);
if (strlen(conf->passphrase) > 0)
blobmsg_add_string(&uci_buf, "certificateKeyPassword", conf->passphrase);
memset(name, '\0', sizeof(name));
sprintf(name, "%s%s", conf->radius_config_name, "tls");
blob_to_uci_section(uci, "radsecproxy", name,
"tls", uci_buf.head, &radius_proxy_tls_param, NULL);
blob_buf_init(&uci_buf, 0);
blobmsg_add_string(&uci_buf, "name", conf->server);
blobmsg_add_string(&uci_buf, "type", "tls");
blobmsg_add_string(&uci_buf, "tls", conf->server);
blobmsg_add_string(&uci_buf, "secret", "radsec");
blobmsg_add_bool(&uci_buf, "statusServer", 0);
blobmsg_add_bool(&uci_buf, "certificateNameCheck", 0);
memset(name, '\0', sizeof(name));
sprintf(name, "%s%s", conf->radius_config_name, "server");
blob_to_uci_section(uci, "radsecproxy", name, "server",
uci_buf.head, &radius_proxy_server_param, NULL);
}
else /* non-TLS block */
{
blob_buf_init(&uci_buf, 0);
blobmsg_add_string(&uci_buf, "name", conf->server);
blobmsg_add_string(&uci_buf, "type", "udp");
if (strlen(conf->secret) > 0)
blobmsg_add_string(&uci_buf, "secret", conf->secret);
memset(name, '\0', sizeof(name));
sprintf(name, "%s%s", conf->radius_config_name, "server");
blob_to_uci_section(uci, "radsecproxy", name, "server",
uci_buf.head, &radius_proxy_server_param, NULL);
}
/* Configure realm block */
for (i = 0; i < conf->realm_len; i++)
{
blob_buf_init(&uci_buf, 0);
blobmsg_add_string(&uci_buf, "name", conf->realm[i]);
n = blobmsg_open_array(&uci_buf,"server");
blobmsg_add_string(&uci_buf, NULL, conf->server);
blobmsg_close_array(&uci_buf, n);
n = blobmsg_open_array(&uci_buf,"accountingServer");
blobmsg_add_string(&uci_buf, NULL, conf->server);
blobmsg_close_array(&uci_buf, n);
memset(name, '\0', sizeof(name));
sprintf(name, "%s%s%d", conf->radius_config_name, "realm", i);
blob_to_uci_section(uci, "radsecproxy", name, "realm",
uci_buf.head, &radius_proxy_realm_param, NULL);
}
uci_commit_all(uci);
return true;
}
static bool radius_proxy_config_delete()
{
struct uci_package *radsecproxy;
struct uci_element *e = NULL, *tmp = NULL;
int ret=0;
ret= uci_load(uci, "radsecproxy", &radsecproxy);
if (ret) {
LOGD("%s: uci_load() failed with rc %d", __func__, ret);
return false;
}
uci_foreach_element_safe(&radsecproxy->sections, tmp, e) {
struct uci_section *s = uci_to_section(e);
if ((s == NULL) || (s->type == NULL)) continue;
uci_section_del(uci, "radsecproxy", "radsecproxy",
(char *)s->e.name, s->type);
}
uci_commit(uci, &radsecproxy, false);
uci_unload(uci, radsecproxy);
reload_config = 1;
return true;
}
void callback_Radius_Proxy_Config(ovsdb_update_monitor_t *self,
struct schema_Radius_Proxy_Config *old,
struct schema_Radius_Proxy_Config *conf)
{
switch (self->mon_type)
{
case OVSDB_UPDATE_NEW:
case OVSDB_UPDATE_MODIFY:
(void) radius_proxy_config_set(conf);
break;
case OVSDB_UPDATE_DEL:
(void) radius_proxy_config_delete();
(void) radius_proxy_config_set(conf);
break;
default:
LOG(ERR, "Radius_Proxy_Config: unexpected mon_type %d %s",
self->mon_type, self->mon_uuid);
break;
}
return;
}

197
feeds/wlan-ap/opensync/src/platform/openwrt/src/lib/target/src/vif.c
View File

@ -131,6 +131,7 @@ enum {
WIF_ATTR_MIN_HW_MODE,
WIF_ATTR_11R_R0KH,
WIF_ATTR_11R_R1KH,
WIF_ATTR_RADPROXY,
__WIF_ATTR_MAX,
};
@ -224,6 +225,7 @@ static const struct blobmsg_policy wifi_iface_policy[__WIF_ATTR_MAX] = {
[WIF_ATTR_MIN_HW_MODE] = { .name = "min_hw_mode", BLOBMSG_TYPE_STRING },
[WIF_ATTR_11R_R0KH] = { .name = "r0kh", BLOBMSG_TYPE_STRING },
[WIF_ATTR_11R_R1KH] = { .name = "r1kh", BLOBMSG_TYPE_STRING },
[WIF_ATTR_RADPROXY] = { .name = "radproxy", BLOBMSG_TYPE_STRING },
};
const struct uci_blob_param_list wifi_iface_param = {
@ -315,6 +317,61 @@ static struct vif_crypto {
{ "wpa3-mixed", OVSDB_SECURITY_ENCRYPTION_WPA3_EAP, OVSDB_SECURITY_MODE_MIXED, 1 },
};
extern ovsdb_table_t table_APC_State;
extern json_t* ovsdb_table_where(ovsdb_table_t *table, void *record);
extern unsigned int radproxy_apc;
/* Custom options table */
#define SCHEMA_CUSTOM_OPT_SZ 20
#define SCHEMA_CUSTOM_OPTS_MAX 13
const char custom_options_table[SCHEMA_CUSTOM_OPTS_MAX][SCHEMA_CUSTOM_OPT_SZ] =
{
SCHEMA_CONSTS_RATE_LIMIT,
SCHEMA_CONSTS_RATE_DL,
SCHEMA_CONSTS_RATE_UL,
SCHEMA_CONSTS_CLIENT_RATE_DL,
SCHEMA_CONSTS_CLIENT_RATE_UL,
SCHEMA_CONSTS_IEEE80211k,
SCHEMA_CONSTS_RTS_THRESHOLD,
SCHEMA_CONSTS_DTIM_PERIOD,
SCHEMA_CONSTS_RADIUS_OPER_NAME,
SCHEMA_CONSTS_RADIUS_NAS_ID,
SCHEMA_CONSTS_RADIUS_NAS_IP,
SCHEMA_CONSTS_DYNAMIC_VLAN,
SCHEMA_CONSTS_RADPROXY,
};
static bool vif_config_custom_opt_get_proxy(
const struct schema_Wifi_VIF_Config *vconf)
{
int i;
const char *opt;
const char *val;
char value[20];
for (i = 0; i < SCHEMA_CUSTOM_OPTS_MAX; i++) {
opt = custom_options_table[i];
val = SCHEMA_KEY_VAL(vconf->custom_options, opt);
if (!val)
strncpy(value, "0", 20);
else
strncpy(value, val, 20);
if (strcmp(opt, "radproxy") == 0) {
if (strcmp(value, "1") == 0) {
radproxy_apc |= 1;
return true;
}
else {
radproxy_apc |= 0;
return false;
}
}
}
return false;
}
static int vif_config_security_set(struct blob_buf *b,
const struct schema_Wifi_VIF_Config *vconf)
{
@ -322,8 +379,10 @@ static int vif_config_security_set(struct blob_buf *b,
const char *mode = SCHEMA_KEY_VAL(vconf->security, SCHEMA_CONSTS_SECURITY_MODE);
unsigned int i;
unsigned int acct_interval;
const char *auth_server, *auth_port, *auth_secret, *security_key;
const char *auth_server, *auth_port, *auth_secret, *security_key, *acct_server;
char key_str[64], key_holder_str[128];
struct schema_APC_State apc_conf;
const char *local_server = "127.0.0.1";
if (!strcmp(encryption, OVSDB_SECURITY_ENCRYPTION_OPEN) || !mode)
goto open;
@ -341,20 +400,48 @@ static int vif_config_security_set(struct blob_buf *b,
}
if (vif_crypto[i].enterprise) {
if (vif_config_custom_opt_get_proxy(vconf)) {
LOGN("%s: Apply Proxy Security Settings", vconf->if_name);
json_t *where = ovsdb_table_where(&table_APC_State, &apc_conf);
if (false == ovsdb_table_select_one_where(&table_APC_State,
where, &apc_conf)) {
LOG(INFO, "APC_State read failed");
return -1;
}
if (!strncmp(apc_conf.mode, "DR", 2)) {
auth_server = local_server;
acct_server = local_server;
} else if (!strncmp(apc_conf.mode, "OR", 2) ||
!strncmp(apc_conf.mode, "BDR", 2)) {
auth_server = apc_conf.dr_addr;
acct_server = apc_conf.dr_addr;
}
else {
auth_server = local_server;
acct_server = local_server;
}
}
else
{
auth_server = SCHEMA_KEY_VAL(vconf->security, SCHEMA_CONSTS_SECURITY_RADIUS_IP);
acct_server = SCHEMA_KEY_VAL(vconf->security, OVSDB_SECURITY_RADIUS_ACCT_IP);
}
acct_interval = 0;
auth_server = SCHEMA_KEY_VAL(vconf->security, SCHEMA_CONSTS_SECURITY_RADIUS_IP);
auth_port = SCHEMA_KEY_VAL(vconf->security, SCHEMA_CONSTS_SECURITY_RADIUS_PORT);
auth_secret = SCHEMA_KEY_VAL(vconf->security, SCHEMA_CONSTS_SECURITY_RADIUS_SECRET);
LOGT("%s: Server IP %s port %s secret %s", vconf->if_name, auth_server, auth_port, auth_secret);
if (!auth_server[0] || !auth_port[0] || !auth_secret[0]) {
LOGI("%s: Incomplete RADIUS security config - SSID not created", vconf->if_name);
return -1;
}
blobmsg_add_string(b, "auth_server", auth_server);
blobmsg_add_string(b, "auth_port", auth_port );
blobmsg_add_string(b, "auth_secret", auth_secret );
blobmsg_add_string(b, "acct_server",
SCHEMA_KEY_VAL(vconf->security, OVSDB_SECURITY_RADIUS_ACCT_IP));
blobmsg_add_string(b, "acct_server", acct_server);
blobmsg_add_string(b, "acct_port",
SCHEMA_KEY_VAL(vconf->security, OVSDB_SECURITY_RADIUS_ACCT_PORT));
blobmsg_add_string(b, "acct_secret",
@ -481,25 +568,6 @@ out_none:
OVSDB_SECURITY_ENCRYPTION_OPEN);
}
/* Custom options table */
#define SCHEMA_CUSTOM_OPT_SZ 20
#define SCHEMA_CUSTOM_OPTS_MAX 12
const char custom_options_table[SCHEMA_CUSTOM_OPTS_MAX][SCHEMA_CUSTOM_OPT_SZ] =
{
SCHEMA_CONSTS_RATE_LIMIT,
SCHEMA_CONSTS_RATE_DL,
SCHEMA_CONSTS_RATE_UL,
SCHEMA_CONSTS_CLIENT_RATE_DL,
SCHEMA_CONSTS_CLIENT_RATE_UL,
SCHEMA_CONSTS_IEEE80211k,
SCHEMA_CONSTS_RTS_THRESHOLD,
SCHEMA_CONSTS_DTIM_PERIOD,
SCHEMA_CONSTS_RADIUS_OPER_NAME,
SCHEMA_CONSTS_RADIUS_NAS_ID,
SCHEMA_CONSTS_RADIUS_NAS_IP,
SCHEMA_CONSTS_DYNAMIC_VLAN,
};
static void vif_config_custom_opt_set(struct blob_buf *b, struct blob_buf *del,
const struct schema_Wifi_VIF_Config *vconf)
@ -586,7 +654,8 @@ static void vif_config_custom_opt_set(struct blob_buf *b, struct blob_buf *del,
strncpy(value, "br-wan.", 20);
blobmsg_add_string(del, "vlan_bridge", value);
}
}
} else if (strcmp(opt, "radproxy") == 0)
blobmsg_add_string(b, "radproxy", value);
}
/* No NASID was found from blob, so use BSSID as NASID */
@ -729,7 +798,15 @@ static void vif_state_custom_options_get(struct schema_Wifi_VIF_State *vstate,
custom_options_table[i],
buf);
}
} else if (strcmp(opt, "radproxy") == 0) {
if (tb[WIF_ATTR_RADPROXY]) {
buf = blobmsg_get_string(tb[WIF_ATTR_RADPROXY]);
set_custom_option_state(vstate, &index,
custom_options_table[i],
buf);
}
}
}
}
@ -925,6 +1002,70 @@ void vif_section_del(char *section_name)
}
static void vif_check_radius_proxy()
{
struct uci_context *uci_ctx;
struct uci_package *wireless;
struct schema_APC_State apc_conf;
struct uci_element *e = NULL, *tmp = NULL;
char *buf = NULL;
int rc = 0;
json_t *where = ovsdb_table_where(&table_APC_State, &apc_conf);
if (false == ovsdb_table_select_one_where(&table_APC_State, where, &apc_conf))
{
LOGI("APC_State read failed");
return;
}
uci_ctx = uci_alloc_context();
rc = uci_load(uci_ctx, "wireless", &wireless);
if (rc)
{
LOGD("%s: uci_load() failed with rc %d", __func__, rc);
goto free;
}
uci_foreach_element_safe(&wireless->sections, tmp, e)
{
struct blob_attr *tb[__WIF_ATTR_MAX];
struct uci_section *s = uci_to_section(e);
if ((s == NULL) || (s->type == NULL))
continue;
if (strcmp(s->type, "wifi-iface"))
continue;
blob_buf_init(&b, 0);
uci_to_blob(&b, s, &wifi_iface_param);
blobmsg_parse(wifi_iface_policy, __WIF_ATTR_MAX, tb, blob_data(b.head), blob_len(b.head));
if (tb[WIF_ATTR_RADPROXY])
{
buf = blobmsg_get_string(tb[WIF_ATTR_RADPROXY]);
if (!strcmp(buf, "1") && !strcmp(apc_conf.mode, "DR"))
{
if (!system("pidof radsecproxy"))
goto free;
system("/etc/init.d/radsecproxy start");
goto free;
}
}
}
system("/etc/init.d/radsecproxy stop");
free:
uci_unload(uci_ctx, wireless);
uci_free_context(uci_ctx);
return;
}
static bool hs20_download_icon(char *icon_name, char *icon_url)
{
CURL *curl;
@ -1427,9 +1568,8 @@ static int ap_vif_config_set(const struct schema_Wifi_Radio_Config *rconf,
blobmsg_add_bool(&b, "wpa_disable_eapol_key_retries", 1);
blobmsg_add_u32(&b, "channel", rconf->channel);
if (vif_config_security_set(&b, vconf)) {
return -1;
}
if (vif_config_security_set(&b, vconf))
return -1;
if (changed->custom_options)
vif_config_custom_opt_set(&b, &del, vconf);
@ -1452,6 +1592,9 @@ static int ap_vif_config_set(const struct schema_Wifi_Radio_Config *rconf,
vif_dhcp_opennds_allowlist_set(vconf,(char*)vconf->if_name);
}
if (changed->custom_options)
vif_check_radius_proxy();
reload_config = 1;
return 0;
}

2
profiles/wlan-ap.yml
View File

@ -78,6 +78,8 @@ packages:
- kmod-iptunnel
- kmod-iptunnel6
- eapol-test
- apc
- radsecproxy
diffconfig: |
CONFIG_OPENSSL_ENGINE=y